Forum Discussion
vsehgal
Feb 15, 2024 Copper Contributor
'OnlineMeetings.ReadWrite.All' that doesn't exist on the resource
I am trying to authenticate via OAuth with the following scopes: Calendars.ReadWrite,OnlineMeetingArtifact.Read.All,OnlineMeetings.ReadWrite.All,User.Read. However, it returns with an error AADSTS...
vikram-MFST
Feb 16, 2024 Microsoft
Hello vsehgal, could you please verify that the 'OnlineMeetings.ReadWrite.All' scope is included as an application permission for the corresponding resource in the Azure portal?
- vsehgal Feb 23, 2024 Copper Contributor
- vikram-MFST Feb 27, 2024 Microsoft
Hello vsehgal
It looks like you are calling application permissions in the scopes for a user authentication flow. Users will receive delegated permissions after a successful authentication, not application permissions. Also, could you please verify if you are using proper permissions?
1) Delegated permissions: Also called scopes, allow the application to act on behalf of the signed-in user.
2) Application permissions: Also called app roles, allow the app to access data on its own, without a signed-in user.
Authentication and authorization basics - Microsoft Graph | Microsoft Learn
Also make sure that when using multiple scopes in the authentication request, the scopes must be separated with a space.
- vsehgal Feb 27, 2024 Copper Contributor
Hi Vikram,
Thanks for the insight. A little bit of background about this integration -
Cvent is used by Planners to plan their meetings and events, who, for their virtual events, utilize MS Teams as a solution. The goal of the integration is to be able to create Online meetings on behalf of any user in that client's tenant. For this the client creates an app reg, with the above scopes and permissions, runs partial scripts to create an access policy and applies it globally to all users in their organization. We use the app's credentials to authenticate and it works to create and manage meetings and its registrants on behalf of the organizer that is specified by the planner in Cvent (who is a user in this organization).
Hence the application permission. Is there no way to use this OnlineMeetings.ReadWrite.All to be able to create and read the applications on behalf of any user vs just the signed in user?
Thanks,
Vakul
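The delegated versus application distinction discussed in this thread can be checked directly on an issued access token: Microsoft identity platform tokens carry delegated permissions as a space-separated `scp` claim and application permissions as a `roles` array. The sketch below is an added example, not code from any poster in the thread; the function names and the sample tokens are constructed for illustration, and the signature is deliberately not verified because this is a diagnostic read of the claims only.

```python
import base64
import json

def _segment(obj):
    """Build an unpadded base64url JSON segment (used only for the samples)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(token):
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(token):
    """Split a token's grants: 'scp' holds delegated scopes, 'roles' app roles."""
    claims = decode_claims(token)
    return {
        "delegated": sorted(claims.get("scp", "").split()),
        "application": sorted(claims.get("roles", [])),
    }

def missing(token, kind, wanted):
    """Permissions from `wanted` that the token does not carry as `kind`."""
    have = set(granted_permissions(token)[kind])
    return sorted(set(wanted) - have)

# Constructed sample tokens (placeholder signature, never validated here).
HEADER = _segment({"alg": "RS256", "typ": "JWT"})
USER_TOKEN = ".".join(
    [HEADER, _segment({"scp": "Calendars.ReadWrite User.Read"}), "sig"])
APP_TOKEN = ".".join(
    [HEADER, _segment({"roles": ["OnlineMeetings.ReadWrite.All"]}), "sig"])

if __name__ == "__main__":
    need = ["OnlineMeetings.ReadWrite.All"]
    for name, tok, kind in (("user", USER_TOKEN, "delegated"),
                            ("app", APP_TOKEN, "application")):
        print(name, granted_permissions(tok), "missing:", missing(tok, kind, need))
```

A token obtained through a user sign-in that shows an empty `roles` list will not carry an application permission, regardless of what the app registration lists.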